Vulnerabilities > Fedoraproject > Fedora

DATE CVE VULNERABILITY TITLE RISK

2021-03-25 CVE-2021-3446 Use of Insufficiently Random Values vulnerability in multiple products
A flaw was found in libtpms in versions before 0.8.2.
5.5

2021-03-25 CVE-2021-3443 A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image format decoder.
local
low complexity
jasper-project redhat fedoraproject
5.5

2021-03-25 CVE-2021-3450 Improper Certificate Validation vulnerability in multiple products
The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain.
7.4

2021-03-25 CVE-2021-3449 NULL Pointer Dereference vulnerability in multiple products
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client.
5.9

2021-03-25 CVE-2020-1946 OS Command Injection vulnerability in multiple products
In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors.
network
low complexity
apache debian fedoraproject CWE-78
critical
9.8

2021-03-23 CVE-2021-3409 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code.
local
low complexity
qemu redhat fedoraproject debian CWE-119
5.7

2021-03-23 CVE-2021-3392 Use After Free vulnerability in multiple products
A use-after-free flaw was found in the MegaRAID emulator of QEMU.
local
low complexity
qemu fedoraproject debian CWE-416
3.2

2021-03-23 CVE-2021-20270 Infinite Loop vulnerability in multiple products
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.
network
low complexity
pygments redhat fedoraproject debian CWE-835
7.5

2021-03-23 CVE-2021-21351 XStream is a Java library to serialize objects to XML and back again.
network
low complexity
xstream-project debian fedoraproject oracle
critical
9.1

2021-03-23 CVE-2021-21350 XStream is a Java library to serialize objects to XML and back again.
network
low complexity
xstream-project debian fedoraproject oracle
critical
9.8